Sandbox

What is Sandbox?

Sandbox is a free Web browser for mobile devices that restricts users to a predefined list of allowed websites (called a “whitelist”). Sandbox is a great solution for classrooms or kiosks where users should only be browsing specified sites. This may include a list of predefined news articles for students, or your company’s homepage for a kiosk in a visitors' center.

Features

Sandbox allows you to…

customize the visibility of user interface items,

add bookmarks for approved websites,

restrict users to one or multiple websites (based on host name),

automatically return to the home page after the device has been idle for a specified amount of time,

prevent users from using web forms,

only allow browsing for a specified amount of time each day,

lock configuration settings with a passcode to prevent other users from changing settings,

use your device as a display for online media by utilizing Kiosk Mode, Requires IAP

take advantage of iOS’s new WKWebKit for an ehnanced browsing experience, and Requires IAP

Configuring Sandbox

To configure an individual device, install Sandbox and then open the Settings application. Near the bottom of the first screen, you’ll find a section for Sandbox configuration options. Here are your options:

Setting

Description

Start Page

This is the home page -- the page that Sandbox loads when you tap the Home button. This is also the page that Sandbox loads when the app starts if Reset on Exit is enabled.

Domain Whitelist

These are the domains that users are allowed to access; you may list up to 20 of them.

Bookmarks

The bookmarks appear under the bookmarks menu in the application; these are automatically "whitelisted."

Message

This is the title of the message that appears to the user when he/she attempts to visit a page that they do not have access to.

Idle Time

This setting is especially useful if you're setting up a kiosk--it allows you to specify a period of time to wait before it automatically resets to the start page. So, for example, if no one has touched the screen in five minutes, return to the start page

Reset on Exit

Sandbox returns to the Start Page whenever the app launches.

Clear Cache during Reset

Sandbox will clear it's cache and reset the browsing history when it resets (see Reset on Idle or Reset on Exit).

Edit URL

Disable this option to prevent the user from manually entering a URL.

Strict URL Filtering

By default, web pages are permitted to load data from other websites (such as an embedded YouTube video or image). Enabling this option will only allow web pages to load data from whitelisted sources.

Status Bar

Disable this option to hide the status bar (the bar with the clock and battery indicator).

Navigation Bar

Disable this option to hide the address bar. On the iPad, this hides all of the buttons. On the phone, this only hides the refresh button.

Toolbar

Disable this to hide the bar at the bottom of the screen on the phone. This doesn't affect anything on the tablet.

Disable Sleep Lock

Enable this option to prevent the device from falling asleep while the app is open.

Disable Web Forms

Enable this option to prevent users from being able to use or fill out web forms.

Data Detectors

The app can automatically turn phone numbers, addresses, and calendar events to links. By default, these are all disabled.

Time Limit

This option allows you to set a limit on the amount of time the app can be used each day. After the time limit is reached the app will show a lock screen until the next day. If you have a passcode set, you can put the device in landscape orientation and tap the screen 5 times then enter your passcode when prompted. This resets the time limit for the day.

Passcode

Enable this option to set a passcode to prevent users from changing the settings without the passcode. Once enabled, open Sandbox to actually set the passcode.

Advanced Options

Enable this option to show the Advanced Options on the toolbar. The advanced options screen allows users to make in-app purchases such as Kiosk Mode and Enhanced Mode

Kiosk Mode Requires IAP

Enable this option from within Advanced Options to tell the app to ignore all touches from the user. The user will not be able select any links or scroll the page.

Enhanced Mode Requires IAP

Sandbox's Enhanced Mode utilizes iOS’s new WKWebKit in order to provide a faster web browsing experience. This feature is only available on iOS 8 and above and is found within Advanced Options.

Configuration for Multiple iOS Devices Requires IAP

Sandbox enables users to configure the application using a Sandbox configuration plist file. This functionality is particularly useful to administrators who wish to configure Sandbox on multiple devices, relieving them from having to manually configure each device individually. To configure Sandbox with a configuration plist file, it is necessary to construct a Sandbox configuration property list file (also known as a plist file). Property list files have the file extension ‘.plist’. A template configuration plist file is available at http://sandbox.floatlearning.com/exampleConfig.plist.

Once a configuration plist has been created, administrators may now easily load the profile onto many devices. Sandbox accommodates this through the use of a custom URL schema. Using Mobile Safari (or a link in an email, a webclip, etc.), navigate to floatsandbox://configuration/example.com/configuration.plist. For example, floatsandbox://configuration/sandbox.floatlearning.com/exampleConfig.plist.

For your convenience, here are some sample Configuration files to get you started on setting up Sandbox:

A Sandbox configuration plist is an XML file that conforms to Apple’s Property List document type. The configuration plist must be valid XML, meaning it must begin with an XML-type declaration followed by a DOCTYPE declaration. Both of these lines may be copied from the profile template available on Float’s website.

Configuration Options

User Interface options

iOS Status Bar

This settings allows hiding of iOS’s default status bar. Set this value to true to show the status bar. Set it to false to hide the status bar. Its default value is true.

key: statusBarKey
type: boolean
default: <false/>

Set this value to <true/> to disable the status bar.

Note: The status bar is an iOS default interface element.
It is the upper-most interface element. This setting affects both
iPhone and iPad versions of Sandbox.

Navigation Bar

This settings allows the hiding of Sandbox’s navigation bar. Set this value to true to show the navigation bar. Set it to false to hide the navigation bar. Its default value is true.

key: navBarKey
type: boolean
default: <false/>

Set this value to <true/> to disable the navigation bar.

Note: The navigation bar is the bar that appears at the top of the Sandbox interface. This setting affects both iPhone and iPad versions of Sandbox.

----

Toolbar

This settings allows the hiding of Sandbox’s toolbar. Set this value to true to show the toolbar. Set it to false to hide the toolbar. Its default value is true.

key: toolBarKey
type: boolean
default: <false/>

Set this value to <true/> to disable the toolbar.

Note: The toolbar is only used in the iPhone version of Sandbox. It is the interface at the bottom of the screen. The value of this setting will not affect the interface of Sandbox running on an iPad.

Customizing the “Restricted” message

When a user attempts to visit a website blocked by Sandbox, the user is presented with the “restricted message.” This is the message that alerts the user that they are not being granted access to the URL they’re trying to access.

Configuring the Home Page

When the application launches, Sandbox will display the URL set in the start page setting. This is the first page users will see when interacting with a configured version of Sandbox.

key: startPageKey
type: string
default: (blank)

Configuring the Idle Timer

Sandbox has the ability to keep the device awake at all times. If the idle timer is enabled, the application will return to its home page when the time has elapsed.

key: idleRestartKey
type: boolean
default: <false/>

Set this to <true/> if you want to enable Sandbox’s idle timer.

key: idleTimeKey
type: integer
default: 1

Set this value to the number of minutes Sandbox should wait before returning to its home page.

Configuring the Email Share Option

Sandbox has the ability to share a webpage via email

key: shareEmailEnabledKey
type: boolean
default: <true/>

Set this value to <false/> if you want to disable email sharing.

Configuring the Printing Option

Sandbox has the ability to print the current webpage from a device.

key: sharePrintEnabledKey
type: boolean
default: <true/>

Set this value to <false/> if you want to disable printing.

Configuring the Application’s Lifecycle

Sandbox has the ability to either retain its most recent state, or return to its home page if the application is exited and then resumed.

key: exitRestartKey
type: boolean
default: <false/>

Set this value to <true/> if you want Sandbox to return to its home page if the application is interrupted and then returns to an active state.

Clearing Cache and Resetting Browser History

Whenever Sandbox resets (either after the idle timer fires or when it is exited and resumed), it can also clear it's cache and browsing history.

key: restartClearsCacheKey
type: boolean
default: <true/>

Set this value to <false/> if you want to prevent Sandbox from clearing it's cache and history when it resets.

Configuring Whitelist and Bookmarks

Sandbox is governed by a “whitelist.” Only web resources validated against the whitelist will be displayed within the application. The whitelist is a list of approved domains under which content may be viewed. For example, if gowithfloat.com is added to the whitelist, all content under gowithfloat.com and its subdomains will be approved and loaded by Sandbox. Because the whitelist is a list, its data type is slightly more complex than those previously listed.

Whitelist

The whitelist is an array of strings representing the hostnames of sites that the user may access.

key: whitelistKey
type array
default: (blank)

Enter all domains accessible to the user.

Note: This list can vary from one item to many items depending on the specific scenario in which Sandbox is implemented.

Bookmarks

Sandbox also allows administrators to set bookmarks inside the application. If there are any bookmarks entered in the bookmarks list, the user can access the items by simply tapping the “bookmarks” button in Sandbox’s toolbar. If a site is bookmarked, it is automatically whitelisted. Users can always access bookmarked URLs. The bookmark setting is also of type array and should follow the same pattern as configurations of the whitelist key.

key: bookmarksKey
type: array
default: none

Enter all domains accessible to the user from Sandbox’s bookmarks button.

Note: The option to display the bookmarks list will be disabled if no bookmarks are included in this configuration.

Locking the Configuration with a Passcode

After configuring Sandbox with a configuration plist, administrators will be presented the opportunity to lock any further changes to the application’s settings by means of a passcode.

If Sandbox successfully configures itself from a configuration plist, the administrator will be asked if they wish to set a four-digit passcode. If they answer yes, the application will securely store this passcode.

If any attempts to change Sandbox’s settings are made while protected by a passcode, the user will be alerted that their actions will not be saved unless they enter the correct passcode. Upon entering the correct passcode, any changes made will be saved to the application’s
settings.

If an administrator attempts to configure Sandbox using a configuration plist after a passcode has been set, they will be presented with an opportunity to enter the security passcode. If the passcode entered is correct, Sandbox will configure itself with the
new profile. If the password is incorrect, no changes will be made to Sandbox’s settings.

If an administrator forgets the passcode, Sandbox will be permanently locked. It will be necessary to delete Sandbox from the device and then reconfigure the application.

Special Characters in Configuration Files

There are a handful of special characters that need to be escaped before using in a Property List file. If you want to use any of these characeters, replace them with the "escaped character":

Character

Escaped Character

& (ampersand)

&amp;

< (less than)

&lt;

> (greater than)

&gt;

" (quotation mark)

&quot;

For example, if you wanted to create a bookmark named Help & Information, you would enter Help &amp; Information.

Disabling Safari on iOS Devices

Once you've set up Sandbox, you may want to consider disabling Safari (the built-in browser) on the device and removing any other browser apps (like Chrome). This makes Sandbox the only browser on the device ensuring that the user is only able to access the websites that have been allowed.

To disable Safari:

Open the Settings app and select the General section.

Select Restrictions.

Select Enable Restrictions and set a passcode.

Disable Safari.

Safari's settings will be preserved, so you are free to enable it again later (you'll need to enter the passcode you set up in step 3, so don't forget it).

Be sure to enable the Passcode in Sandbox to protect the configuration you've set up from changing!

Disabling Web Browsers on Android Devices

Once you've set up Sandbox, you may want to consider disabling other web browsers on the device. This ensures that the user is only able to access the websites that have been allowed.

The following directions use the restricted profile feature available in Android 4.3 and later. If you do not have version 4.3 or later, try using the app Sure Lock to mimic this functionality.

To disable web browsers:

Open the Settings app and Select the Users section.

Touch add user or profile then select Restricted Profile.

Using the ON/OFF toggles, select the Sandbox app.

Make sure that no other web browsers are enabled on the restricted profile.

Be sure to set a password on the device's main profile to prevent individuals from tampering with the configured settings.

Be sure to enable the Passcode in Sandbox to protect the configuration you've set up from changing!

Preventing Sandbox from Closing on iOS

Once you've set up Sandbox, you may want to set up the device so that Sandbox is the only app that it will run. If you want to prevent users from closing Sandbox (or even turning off the device), enable Guided Access.

To enable Guided Access:

Open the Settings app and select the General section.

Select Accessibility.

Scroll down and select Guided Access.

Enable Guided Access.

Return to Sandbox and triple-click the home button.

Set a passcode (if you haven't already).

Review which Guided Access options you want to enable; be sure to hit Start to enable Guided Access mode.

Attempting to close Sandbox while Guided Access is enabled will trigger a message to appear at the top of the screen notifying about Guided Access. To disable Guided Access, triple-click the home button and enter the passcode you set up in step 6 above.

Consider disabling the Navigation Bar, Toolbar, and Status Bar settings in Sandbox so that the browser appears full screen. You can even enable Kiosk Mode to ignore touches on the screen.

Preventing Sandbox from Closing on Android

Once you've set up Sandbox, you may want to set up the device so that Sandbox is the only app that it will run. This can be done by using a Restricted Profile as explained in the "Disabling Web Browsers on Android Devices" section.

If you want to prevent users from closing Sandbox (or even turning off the device) install the app Sure Lock.

Consider disabling the Navigation Bar and Status Bar settings in Sandbox so that the browser appears full screen.